ByteOS Network

NVD Vulnerability Details :

CVE-2026-6878

Deferred

Source-cna@vuldb.com

Published At-23 Apr, 2026 | 00:16

Updated At-23 Apr, 2026 | 14:28

A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	6.3	MEDIUM	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	5.6	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Secondary	2.0	5.1	MEDIUM	AV:N/AC:H/Au:N/C:P/I:P/A:P

Type: Secondary

Version: 4.0

Base score: 6.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 5.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Type: Secondary

Version: 2.0

Base score: 5.1

Base severity: MEDIUM

Vector:

AV:N/AC:H/Au:N/C:P/I:P/A:P

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	cna@vuldb.com
CWE-265	Primary	cna@vuldb.com

CWE ID: CWE-264

Type: Primary

Source: cna@vuldb.com

CWE ID: CWE-265

Type: Primary

Source: cna@vuldb.com

References

Hyperlink	Source	Resource
https://github.com/zast-ai/vulnerability-reports/blob/main/bytedance/verl_rce.md	cna@vuldb.com	N/A
https://vuldb.com/submit/795257	cna@vuldb.com	N/A
https://vuldb.com/vuln/359040	cna@vuldb.com	N/A
https://vuldb.com/vuln/359040/cti	cna@vuldb.com	N/A